After I have setup 2FA and enter the key into Google Authenticator in my smartphone, everything works fine until I changed my smartphone.

On my new phone, I can add back my Microsoft and Google 2FA by showing the barcode and scan into the Google Authenticator again. However, the Zimbra 2FA no longer provide the option to let me enter the key which only show up once during the activation phase. So how do I recover this key in order to have the 6 digit pin 2FA generated on my new smartphone?

I have raised this to Zimbra support and the only workaround they can think of, is to use the application code meant for apps that don’t support 2FA instead. This is completely unacceptable because you need to be able to login first before you can generate the application code. And when you are using a new computer and need the 2FA pin to login, how do you login first in order to generate the code to login?

jorgedlcruz wrote:Hello,If you go here - https://files.zimbra.com/docs/config-guide/index.html and search by TwoFactor you will see multiple results, maybe if you disable it for your user using zimbraTwoFactorAuthEnabled and then follow the preferences wizard again ?

Best regards

If I disable and activate it again, does that mean it will reset all my existing trusted devices and I have to re-enter new application codes for email apps that don't support 2FA?

I have contacted Zimbra support and they seem to be completely unfamiliar with 2FA.

They even think that the passcodes (meant for applications that don't support 2FA) is the same as the unique key (meant for the Smartphone OTP App). And I have to repeatedly keep explaining to them they are NOT the same thing, and why the changing passcodes can't possibly be the same as the unique key which need to be a fixed code in order for the OTP app to generate consistent 6 digit pin on every device base on time.